After two years of staying home and not attending any big cybersecurity conferences, I forgot about the chaos.
RSAC 2022 was a mix of enlightening speaking sessions, overstimulating booth experiences, and uplifting connections with friends, new and old.
Here's the highlight reel for our first big event for the Summer of JupiterOne.
The human element
"The Human Element" was the theme of RSAC 2020, just as COVID-19 was making its way across the world and sending us into a global pandemic. This year, at RSAC 2022, the theme was "Transform" and I was pleased with the number of sessions about how to improve how we work together as human beings.
We are finally at a point in cybersecurity where practitioners and leaders are realizing technology does not solve all the problems. In the words of Caroline Wong on Cyber Therapy, "We as an industry know how to find and how to fix and how to prevent application security vulnerabilities. What we don't know is how to work with each other to get the darn things fixed."
We are finally talking about the "soft" skills that actually transform processes and optimize the use of technology. The human beings who operate the technology are equally important to building your tech roadmap for your security program.
Be a thoughtful cybersecurity kitten, not a grumpy cat
"The curse of knowledge is the number one reason security awareness training fails," says Kerry Tomlinson, seasoned cyber news reporter from Ampere News. Her session at 8:30 a.m. Monday morning walked through how to make security messaging more understandable and impactful.
The written word is a powerful persuasion tool, but the curse of knowing too much gets in the way of communication that drives action. Technologists get comfortable using big, fancy words to describe technology, even though the educated audience in other business functions may not know what they mean. Did you know that the average person needs to understand 98% of the words in an article to read comfortably? This doesn't mean that people are inherently dumb. Rather, the use of big words makes it harder to educate and persuade the reader.
If you're trying to get your business partners to behave a certain way, you have to reduce the barriers to understanding. Start using this tool to de-jargonize your writing: https://scienceandpublic.com/
Lizard brain vs. Philosoraptor
Kelly Shortridge, Senior Principal Product Technologist at Fastly, and Sounil Yu, CISO and Head of Research at JupiterOne, came in fashion to their talk Tuesday morning.
Both of these esteemed security professionals are also students of behavioral economics, which is the study of human behavior through the lens of economics and psychology. Kelly and Sounil dove into two particular ways the brain works and how it contributes to poor security decisions.
The lizard brain, also known as the reptilian brain or primal brain, is responsible for the four F's that ensure our survival: feed, fight, flight, and...reproduction. The lizard brain is often irrational and sees things a little too black and white. It drives our instincts and gut decisions.
On the other hand, the neocortex, which Sounil affectionately calls the Philosoraptor, is what we use for rational thinking. It fuels our reasoning and probability calculations when we're making decisions or planning what to do next.
In any situation that triggers our fight-or-flight response, the lizard brain is in charge. This could be during a high-stakes incident, but it could also be a mundane, everyday situation with a tired brain. So how do we change the instincts of folks to be more security-conscious? In the words of Kelly, "Repetition and practice turns tasks from Philosoraptor processes into Lizard Brain instincts."
Making new friends and catching up with old ones
This year's RSAC felt like a major turning point in my career. Maybe it's because I'm finally realizing that the value of these conferences isn't just the speaking sessions. Clearly, I went to a select few sessions to take home some nuggets of knowledge and implement them in my own work. But the real golden egg? The relationships nurtured along the way.
After running hard alongside so many authors to launch the book Reinventing Cybersecurity, I finally got to hang out with some of them in person and get their autographs on my book!
These wonderful human beings are doing great work as technologists and experts in their field and I am so honored to have met them. I even had the opportunity to livestream Cyber Therapy with Tracy Bannon! Definitely check out this episode when you have a moment to wind down from the craziness of RSA.
I also got to share my love of Philz coffee with Cloud Security Podcast Host Ashish Rajan and Producer Shilpi Bhattacharjee.
They are creating such a great resource about cloud security and they have such wonderful mentoring spirits! They definitely came to RSAC in style and kept things fun. Keep an eye out for their episodes of coverage from RSAC! I'm also looking forward to the day they join us on Cyber Therapy.
I'd be remiss if I didn't mention the amazing dinner hosted at Fang Restaurant. Not only was the food amazing, the conversations were fantastic. Ashish hosted a wonderful fireside chat featuring Robinhood CSO Caleb Sima and JupiterOne CEO and Founder Erkang Zheng, where we got a bit more insight into the importance of asset visibility, the vendor-practitioner ebbs and flows, and how to grab attention in the busy email inbox of a CSO.
I am feeling hopeful leaving RSAC 2022 and I hope you are too! See you there next year!